Post Reply 
SSL logins not working
Nov. 01, 2012, 12:33 AM
Post: #16
RE: SSL logins not working
until something IN THE WILD *EXISTS*, then filtering SSL with Proxo has NO MORE of an unintended consequence then all web activity passing through a firewall or "parental filter" set up on a 10yr olds computer...

you can argue until you are blue in the teeth, until you can "find", or "create", something IN THE WILD that DEMONSTRATES an "unintended consequence", then you are throwing out NOTHING but "hypotheticals" and conjuring up nothing but CONSPIRACY THEORIES...


again, we simply agree to disagree...
keep on "arguing" if you 'must', but the ONLY way you can "win" is to DEMONSTRATE an UNINTENDED CONSEQUENCE...

ANYTHING outside of that is pure propaganda, hypotheticals, and conspiracy theory...

i challenge you to "create" an UNINTENDED CONSEQUENCE...
anything shy of that is a "lose" in this 'debate'...


Q.E.D. - I WIN!
Add Thank You Quote this message in a reply
Nov. 01, 2012, 12:54 AM
Post: #17
RE: SSL logins not working
factor in things like IPv6 and everything is encrypted...
Proxo does not "alter" that encryption...

the "hack attacks" that do exist in the wild, they exist whether Proxo or a "parental filter" is in place or not, NOT because the "filter", be it Proxo or "parantal controls", 'induced' the hack-attack or even 'elevated' susceptibility...


personally, if you REALLY want to "induce" hack-attack susceptibility, then you should start running "anonymous proxies" and start routing your "traffic" through the "blind trust" thrown behind such "anonymizers"...

one could, theoretically, set up an "anonymous proxy", let's call it "tor", be on line by noon tomorrow, and start pulling out passwords that people have thrown blind trust to their new proxy, they'd have HUNDREDS of passwords before the site ever gets "shut down" or before they decide to shut it down before the "authorities" find it...

that's seriously one to think about - how many people will throw "blind trust" behind an 'anonymous proxy'? if we seriously want to discuss security breaches, let's start there, not at Proxo and SSL...
Add Thank You Quote this message in a reply
Nov. 01, 2012, 02:45 AM
Post: #18
RE: SSL logins not working
ProxFox Wrote:Q.E.D. - I WIN!

No. I'm simple unable to explain what you don't see. I'll continue to side with Scott and the others.

ProxFox Wrote:i challenge you to "create" an UNINTENDED CONSEQUENCE...

LOL, you jest... Our filters too often have unintended consequence. Wink Too many of my posts are about fixing unintended consequences.

In this very thread, http://prxbx.com/forums/showthread.php?t...8#pid16808 , I linked to a post by sidki, http://prxbx.com/forums/showthread.php?t...75#pid3775 . Sidki's post offered ScoJo's filter to make the browser send required cookies while using URL commands. Sidki also pointed out that the filter is "problematic",

sidki Wrote:Say you log in to that.site.com and your personal data are stored in a cookie, which is restricted to that very host - sometimes for a reason. Now, if you go to this.that.site.com with that filter - as posted - activated, the data cookie would be sent to this host as well.

. I'd say the filter has a bad unintended consequence of causing data to be incorrectly shared. It is possible that "that.site.com", "jjoe.that.site.com", and "sidki.that.site.com" are separate sites.

ProxRocks Wrote:you can argue until you are blue in the teeth

Yeah, I prefer them white. Smile!

Have fun.
Add Thank You Quote this message in a reply
Nov. 01, 2012, 11:46 AM (This post was last modified: Nov. 02, 2012 12:19 AM by ProxRocks.)
Post: #19
RE: SSL logins not working
pure HYPOTHETICALS !!!...

the that.site.com versus this.that.site.com cookie concern is purely BOGUS...

if that.site.com sets a cookie value of "itemid=172839;password=whatev;userid=whoev" and that cookie is carried over and given to this.that.site.com, if that site isn't looking for a cookie value of "itemid", then it simply gets dropped...

if this.that.site.com is looking for a cookie value of "password" and/or "userid", yep, you bet your butt the cookie concern is an issue...

BUT if anyone is using the same EXACT password for more than ONE site, then that person is bringing security threats upon themselves !!!... use the same EXACT password on a DOZEN sites, all the more merrily has that person made themselves quite VULNERABLE to hack-attacks... keep the same EXACT password YEAR-AFTER-YEAR, still more VULNERABLE...

most BANKING sites will FORCE you to change your password every three to six months or so...

here at prxbx, WHO CARES, keep the same password for DECADES - but on a BANK SITE?

even a person that uses the same NAME, let's say "ProxRocks", on SEVERAL sites, that isn't passed the same way from one site to the next, the "userid" (aka, "mybbuser") doesn't 'say' "ProxRocks", it's a huge random runon string of characters... that huge random runon string will simply NOT be the EXACT random runon string from one site to the next, regardless of the NAME "ProxRocks" being the SAME...

so carry one cookie over to the next site all you want, the ODDS are so infinitesimally minute that the contents of that cookie will mean anything to the other site is such that to concern yourself with it is total BS...

let alone the infinitesimally minute chance of ever even bumping into a that.site.com versus this.that.site.com in the first place...

take an infinitesimally minute number and multiply it by another infinitesimally minute number, therein is the mathematical odds of the cookie concern you are rambling on and on about...
Add Thank You Quote this message in a reply
Nov. 01, 2012, 11:55 AM
Post: #20
RE: SSL logins not working
"How's come you haven't left your house in over 40 years? Not even so much as to walk outdoors to get the mail?"

"Because there is an infinitesimally minute chance that I could be hit by lightning, I'd rather stay inside and be safe from lightning strikes."




("Okay, but what about a tornado or a hurricane?")
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: